CVE-2019-3395
The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebD...
Server-Side Request Forgery (SSRF)
moodle/moodle is vulnerable to server-side request forgery (SSRF). An attacker is able to submit requests on behalf of the server via the editblog.php script, which allows adding external RSS feed resources. A malicious URL/TCP port can be added as an RSS feed resource, which would cause the server...
50m-ctf: Several vulnerabilities lead to Remote Code Execution and Arbitrary File Read on multiple servers
Summary: - Tweeted image contained URL https://bit.do/h1therm to download an APK - APK API 35.243.186.41 is vulnerable to SQL Injection on the username parameter and leaked the location of server 104.196.12.98 through the devices table - Login form on 104.196.12.98 is vulnerable to a timing attack on hash...
Server side request forgery (ssrf)
Moodle 3.5.x before 3.5.4 allows SSRF...
Server side request forgery (ssrf)
OX App Suite 7.8.4 and earlier allows SSRF...
PT-2019-6447 · Zimbra · Zimbra Collaboration Suite
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite versions 8.6 before patch 13; Zimbra Collaboration Suite versions 8.7.x before 8.7.11 patch 10; Zimbra Collaboration Suite versions 8.8.x before 8.8.10 patch 7; Zimbra Collaboration Suite versions 8.8.x before 8.8.11...
CVE-2017-3164
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 inclusive. Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL...
CVE-2017-3164
CVE-2017-3164 is an SSRF vulnerability in Apache Solr affecting Log Analysis (IBM) versions 1.3.1–1.3.6 (Solr 1.3.x to 7.6). The shards parameter lacks a whitelist, allowing remote attackers with server access to trigger HTTP GET requests to any reachable URL. Connected Nessus/NASL entries corrob...
Atlassian JIRA < 7.6.1 Multiple Vulnerabilities
According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is potentially affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied input before returning it to users. An...
[SECURITY] [DSA 4399-1] ikiwiki security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4399-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 28, 2019 https://www.debian.org/security/faq -...
CloudBees Jenkins OctopusDeploy Plugin Server Request Forgery Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. OctopusDeploy Plugin is used in which a...
CVE-2019-1003028
A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier in SSLCertificateAuthenticationMethod.java, UsernameAuthenticationMethod.java that allows attackers with Overall/Read permission to have Jenkins connect to a JMS endpoint...
CVE-2019-1003027
A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL and obtain the HTTP response code if successful, and exception...